信息收集 - 信息收集——资产监控拓展 - 《WEB渗透测试》

监控拓展方式
资产收集方法
演示案例

监控拓展方式

#Github监控
便于收集整理最新exp或poc
便于发现相关测试目标的资产
#各种子域名查询
#DNS，备案，证书
#全球节点请求CDN
枚举爆破或解析子域名对应
便于法相管理员相关的注册信息
#黑暗引擎相关搜索
fofa shodan zoomeye
#微信公众号接口获取
#内部群内部应用内部接口

资产收集方法

信息收集——资产监控拓展 - 图1

演示案例

监控最新的EXP发布及其他

#Title: wechat push CVE-2020
#Date: 2020-5-9
#Exploit Author: weixiao9188
#Version: 4.0
#Tested on: Linux,windows
#cd /root/sh/git/ && nohup python3 /root/sh/git/git.py &
#coding:UTF-8
import requests
import json
import time
import os
import pandas as pd
time_sleep = 60 #每隔 20 秒爬取一次
while(True):
headers1 = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/70.0.3538.25 Safari/537.36 Core/1.70.3741.400 QQBrowser/10.5.3863.400"}
#判断文件是否存在
datas = []
response1=None
response2=None
if os.path.exists("olddata.csv"):
#如果文件存在则每次爬取 10 个
df = pd.read_csv("olddata.csv", header=None)
datas = df.where(df.notnull(),None).values.tolist()#将提取出来的数据中的 nan 转化为 None
requests.packages.urllib3.disable_warnings()
response1 = requests.get(url="https://api.github.com/search/repositories?q=CVE2020&sort=updated&per_page=10",headers=headers1,verify=False)
response2 =
requests.get(url="https://api.github.com/search/repositories?q=RCE&ssort=updated&per_page=10",hea
ders=headers1,verify=False)
else:
#不存在爬取全部
datas = []
requests.packages.urllib3.disable_warnings()
response1 = requests.get(url="https://api.github.com/search/repositories?q=CVE2020&sort=updated&order=desc",headers=headers1,verify=False)
response2 =
requests.get(url="https://api.github.com/search/repositories?q=RCE&ssort=updated&order=desc",heade
rs=headers1,verify=False)
data1 = json.loads(response1.text)
data2 = json.loads(response2.text)
for j in [data1["items"],data2["items"]]:
for i in j:
s = {"name":i['name'],"html":i['html_url'],"description":i['description']}
s1 =[i['name'],i['html_url'],i['description']]
if s1 not in datas:
#print(s1)